Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Core / System / Diagnostics / Eventing / Reader / EventLogSession.cs / 1305376 / EventLogSession.cs
// ==++==
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// ==--==
/*============================================================
**
** Class: EventLogSession
**
** Purpose:
** Defines a session for Event Log operations. The session can
** be configured for a remote machine and can use specfic
** user credentials.
============================================================*/
using System;
using System.Security;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using Microsoft.Win32;
using System.Globalization;
namespace System.Diagnostics.Eventing.Reader {
///
/// Session Login Type
///
public enum SessionAuthentication {
Default = 0,
Negotiate = 1,
Kerberos = 2,
Ntlm = 3
}
///
/// The type: log / external log file to query
///
public enum PathType
{
LogName = 1,
FilePath = 2
}
[System.Security.Permissions.HostProtection(MayLeakOnAbort = true)]
public class EventLogSession : IDisposable {
//
//the two context handles for rendering (for EventLogRecord).
//the system and user context handles. They are both common for all the event instances and can be created only once.
//access to the data member references is safe, while
//invoking methods on it is marked SecurityCritical as appropriate.
//
internal EventLogHandle renderContextHandleSystem = EventLogHandle.Zero;
internal EventLogHandle renderContextHandleUser = EventLogHandle.Zero;
//the dummy [....] object for the two contextes.
private object syncObject = null;
private string server;
private string user;
private string domain;
private SessionAuthentication logOnType;
//we do not maintain the password here.
//
//access to the data member references is safe, while
//invoking methods on it is marked SecurityCritical as appropriate.
//
private EventLogHandle handle = EventLogHandle.Zero;
//setup the System Context, once for all the EventRecords.
[System.Security.SecuritySafeCritical]
internal void SetupSystemContext() {
EventLogPermissionHolder.GetEventLogPermission().Demand();
if (!this.renderContextHandleSystem.IsInvalid)
return;
lock (this.syncObject) {
if (this.renderContextHandleSystem.IsInvalid) {
//create the SYSTEM render context
//call the EvtCreateRenderContext to get the renderContextHandleSystem, so that we can get the system/values/user properties.
this.renderContextHandleSystem = NativeWrapper.EvtCreateRenderContext(0, null, UnsafeNativeMethods.EvtRenderContextFlags.EvtRenderContextSystem);
}
}
}
[System.Security.SecuritySafeCritical]
internal void SetupUserContext() {
EventLogPermissionHolder.GetEventLogPermission().Demand();
lock (this.syncObject) {
if (this.renderContextHandleUser.IsInvalid) {
//create the USER render context
this.renderContextHandleUser = NativeWrapper.EvtCreateRenderContext(0, null, UnsafeNativeMethods.EvtRenderContextFlags.EvtRenderContextUser);
}
}
}
// marked as SecurityCritical because allocates SafeHandle.
// marked as TreatAsSafe because performs Demand().
[System.Security.SecurityCritical]
public EventLogSession() {
EventLogPermissionHolder.GetEventLogPermission().Demand();
//handle = EventLogHandle.Zero;
syncObject = new object();
}
public EventLogSession(string server)
:
this(server, null, null, (SecureString)null, SessionAuthentication.Default) {
}
// marked as TreatAsSafe because performs Demand().
[System.Security.SecurityCritical]
public EventLogSession(string server, string domain, string user, SecureString password, SessionAuthentication logOnType) {
EventLogPermissionHolder.GetEventLogPermission().Demand();
if (server == null)
server = "localhost";
syncObject = new object();
this.server = server;
this.domain = domain;
this.user = user;
this.logOnType = logOnType;
UnsafeNativeMethods.EvtRpcLogin erLogin = new UnsafeNativeMethods.EvtRpcLogin();
erLogin.Server = this.server;
erLogin.User = this.user;
erLogin.Domain = this.domain;
erLogin.Flags = (int)this.logOnType;
erLogin.Password = CoTaskMemUnicodeSafeHandle.Zero;
try {
if (password != null)
erLogin.Password.SetMemory(Marshal.SecureStringToCoTaskMemUnicode(password));
//open a session using the erLogin structure.
handle = NativeWrapper.EvtOpenSession(UnsafeNativeMethods.EvtLoginClass.EvtRpcLogin, ref erLogin, 0, 0);
}
finally {
erLogin.Password.Close();
}
}
internal EventLogHandle Handle {
get {
return handle;
}
}
public void Dispose() {
Dispose(true);
GC.SuppressFinalize(this);
}
[System.Security.SecuritySafeCritical]
protected virtual void Dispose(bool disposing) {
if (disposing) {
if ( this == globalSession )
throw new InvalidOperationException();
EventLogPermissionHolder.GetEventLogPermission().Demand();
}
if (this.renderContextHandleSystem != null &&
!this.renderContextHandleSystem.IsInvalid)
this.renderContextHandleSystem.Dispose();
if (this.renderContextHandleUser != null &&
!this.renderContextHandleUser.IsInvalid)
this.renderContextHandleUser.Dispose();
if (handle != null && !handle.IsInvalid)
handle.Dispose();
}
public void CancelCurrentOperations() {
NativeWrapper.EvtCancel(handle);
}
static EventLogSession globalSession = new EventLogSession();
public static EventLogSession GlobalSession {
get { return globalSession; }
}
[System.Security.SecurityCritical]
public IEnumerable GetProviderNames()
{
EventLogPermissionHolder.GetEventLogPermission().Demand();
List namesList = new List(100);
using (EventLogHandle ProviderEnum = NativeWrapper.EvtOpenProviderEnum(this.Handle, 0))
{
bool finish = false;
do
{
string s = NativeWrapper.EvtNextPublisherId(ProviderEnum, ref finish);
if (finish == false) namesList.Add(s);
}
while (finish == false);
return namesList;
}
}
[System.Security.SecurityCritical]
public IEnumerable GetLogNames()
{
EventLogPermissionHolder.GetEventLogPermission().Demand();
List namesList = new List(100);
using (EventLogHandle channelEnum = NativeWrapper.EvtOpenChannelEnum(this.Handle, 0))
{
bool finish = false;
do
{
string s = NativeWrapper.EvtNextChannelPath(channelEnum, ref finish);
if (finish == false) namesList.Add(s);
}
while (finish == false);
return namesList;
}
}
public EventLogInformation GetLogInformation(string logName, PathType pathType) {
if (logName == null)
throw new ArgumentNullException("logName");
return new EventLogInformation(this, logName, pathType);
}
public void ExportLog(string path, PathType pathType, string query, string targetFilePath) {
this.ExportLog(path, pathType, query, targetFilePath, false);
}
public void ExportLog(string path, PathType pathType, string query, string targetFilePath, bool tolerateQueryErrors)
{
if (path == null)
throw new ArgumentNullException("path");
if (targetFilePath == null)
throw new ArgumentNullException("targetFilePath");
UnsafeNativeMethods.EvtExportLogFlags flag;
switch (pathType)
{
case PathType.LogName:
flag = UnsafeNativeMethods.EvtExportLogFlags.EvtExportLogChannelPath;
break;
case PathType.FilePath:
flag = UnsafeNativeMethods.EvtExportLogFlags.EvtExportLogFilePath;
break;
default:
throw new ArgumentOutOfRangeException("pathType");
}
if (tolerateQueryErrors == false)
NativeWrapper.EvtExportLog(this.Handle, path, query, targetFilePath, (int)flag);
else
NativeWrapper.EvtExportLog(this.Handle, path, query, targetFilePath, (int)flag | (int)UnsafeNativeMethods.EvtExportLogFlags.EvtExportLogTolerateQueryErrors);
}
public void ExportLogAndMessages(string path, PathType pathType, string query, string targetFilePath)
{
this.ExportLogAndMessages(path, pathType, query, targetFilePath, false, CultureInfo.CurrentCulture );
}
public void ExportLogAndMessages(string path, PathType pathType, string query, string targetFilePath, bool tolerateQueryErrors, CultureInfo targetCultureInfo ) {
if (targetCultureInfo == null)
targetCultureInfo = CultureInfo.CurrentCulture;
ExportLog(path, pathType, query, targetFilePath, tolerateQueryErrors);
NativeWrapper.EvtArchiveExportedLog(this.Handle, targetFilePath, targetCultureInfo.LCID, 0);
}
public void ClearLog(string logName)
{
this.ClearLog(logName, null);
}
public void ClearLog(string logName, string backupPath)
{
if (logName == null)
throw new ArgumentNullException("logName");
NativeWrapper.EvtClearLog(this.Handle, logName, backupPath, 0);
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// ==++==
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// ==--==
/*============================================================
**
** Class: EventLogSession
**
** Purpose:
** Defines a session for Event Log operations. The session can
** be configured for a remote machine and can use specfic
** user credentials.
============================================================*/
using System;
using System.Security;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using Microsoft.Win32;
using System.Globalization;
namespace System.Diagnostics.Eventing.Reader {
///
/// Session Login Type
///
public enum SessionAuthentication {
Default = 0,
Negotiate = 1,
Kerberos = 2,
Ntlm = 3
}
///
/// The type: log / external log file to query
///
public enum PathType
{
LogName = 1,
FilePath = 2
}
[System.Security.Permissions.HostProtection(MayLeakOnAbort = true)]
public class EventLogSession : IDisposable {
//
//the two context handles for rendering (for EventLogRecord).
//the system and user context handles. They are both common for all the event instances and can be created only once.
//access to the data member references is safe, while
//invoking methods on it is marked SecurityCritical as appropriate.
//
internal EventLogHandle renderContextHandleSystem = EventLogHandle.Zero;
internal EventLogHandle renderContextHandleUser = EventLogHandle.Zero;
//the dummy [....] object for the two contextes.
private object syncObject = null;
private string server;
private string user;
private string domain;
private SessionAuthentication logOnType;
//we do not maintain the password here.
//
//access to the data member references is safe, while
//invoking methods on it is marked SecurityCritical as appropriate.
//
private EventLogHandle handle = EventLogHandle.Zero;
//setup the System Context, once for all the EventRecords.
[System.Security.SecuritySafeCritical]
internal void SetupSystemContext() {
EventLogPermissionHolder.GetEventLogPermission().Demand();
if (!this.renderContextHandleSystem.IsInvalid)
return;
lock (this.syncObject) {
if (this.renderContextHandleSystem.IsInvalid) {
//create the SYSTEM render context
//call the EvtCreateRenderContext to get the renderContextHandleSystem, so that we can get the system/values/user properties.
this.renderContextHandleSystem = NativeWrapper.EvtCreateRenderContext(0, null, UnsafeNativeMethods.EvtRenderContextFlags.EvtRenderContextSystem);
}
}
}
[System.Security.SecuritySafeCritical]
internal void SetupUserContext() {
EventLogPermissionHolder.GetEventLogPermission().Demand();
lock (this.syncObject) {
if (this.renderContextHandleUser.IsInvalid) {
//create the USER render context
this.renderContextHandleUser = NativeWrapper.EvtCreateRenderContext(0, null, UnsafeNativeMethods.EvtRenderContextFlags.EvtRenderContextUser);
}
}
}
// marked as SecurityCritical because allocates SafeHandle.
// marked as TreatAsSafe because performs Demand().
[System.Security.SecurityCritical]
public EventLogSession() {
EventLogPermissionHolder.GetEventLogPermission().Demand();
//handle = EventLogHandle.Zero;
syncObject = new object();
}
public EventLogSession(string server)
:
this(server, null, null, (SecureString)null, SessionAuthentication.Default) {
}
// marked as TreatAsSafe because performs Demand().
[System.Security.SecurityCritical]
public EventLogSession(string server, string domain, string user, SecureString password, SessionAuthentication logOnType) {
EventLogPermissionHolder.GetEventLogPermission().Demand();
if (server == null)
server = "localhost";
syncObject = new object();
this.server = server;
this.domain = domain;
this.user = user;
this.logOnType = logOnType;
UnsafeNativeMethods.EvtRpcLogin erLogin = new UnsafeNativeMethods.EvtRpcLogin();
erLogin.Server = this.server;
erLogin.User = this.user;
erLogin.Domain = this.domain;
erLogin.Flags = (int)this.logOnType;
erLogin.Password = CoTaskMemUnicodeSafeHandle.Zero;
try {
if (password != null)
erLogin.Password.SetMemory(Marshal.SecureStringToCoTaskMemUnicode(password));
//open a session using the erLogin structure.
handle = NativeWrapper.EvtOpenSession(UnsafeNativeMethods.EvtLoginClass.EvtRpcLogin, ref erLogin, 0, 0);
}
finally {
erLogin.Password.Close();
}
}
internal EventLogHandle Handle {
get {
return handle;
}
}
public void Dispose() {
Dispose(true);
GC.SuppressFinalize(this);
}
[System.Security.SecuritySafeCritical]
protected virtual void Dispose(bool disposing) {
if (disposing) {
if ( this == globalSession )
throw new InvalidOperationException();
EventLogPermissionHolder.GetEventLogPermission().Demand();
}
if (this.renderContextHandleSystem != null &&
!this.renderContextHandleSystem.IsInvalid)
this.renderContextHandleSystem.Dispose();
if (this.renderContextHandleUser != null &&
!this.renderContextHandleUser.IsInvalid)
this.renderContextHandleUser.Dispose();
if (handle != null && !handle.IsInvalid)
handle.Dispose();
}
public void CancelCurrentOperations() {
NativeWrapper.EvtCancel(handle);
}
static EventLogSession globalSession = new EventLogSession();
public static EventLogSession GlobalSession {
get { return globalSession; }
}
[System.Security.SecurityCritical]
public IEnumerable GetProviderNames()
{
EventLogPermissionHolder.GetEventLogPermission().Demand();
List namesList = new List(100);
using (EventLogHandle ProviderEnum = NativeWrapper.EvtOpenProviderEnum(this.Handle, 0))
{
bool finish = false;
do
{
string s = NativeWrapper.EvtNextPublisherId(ProviderEnum, ref finish);
if (finish == false) namesList.Add(s);
}
while (finish == false);
return namesList;
}
}
[System.Security.SecurityCritical]
public IEnumerable GetLogNames()
{
EventLogPermissionHolder.GetEventLogPermission().Demand();
List namesList = new List(100);
using (EventLogHandle channelEnum = NativeWrapper.EvtOpenChannelEnum(this.Handle, 0))
{
bool finish = false;
do
{
string s = NativeWrapper.EvtNextChannelPath(channelEnum, ref finish);
if (finish == false) namesList.Add(s);
}
while (finish == false);
return namesList;
}
}
public EventLogInformation GetLogInformation(string logName, PathType pathType) {
if (logName == null)
throw new ArgumentNullException("logName");
return new EventLogInformation(this, logName, pathType);
}
public void ExportLog(string path, PathType pathType, string query, string targetFilePath) {
this.ExportLog(path, pathType, query, targetFilePath, false);
}
public void ExportLog(string path, PathType pathType, string query, string targetFilePath, bool tolerateQueryErrors)
{
if (path == null)
throw new ArgumentNullException("path");
if (targetFilePath == null)
throw new ArgumentNullException("targetFilePath");
UnsafeNativeMethods.EvtExportLogFlags flag;
switch (pathType)
{
case PathType.LogName:
flag = UnsafeNativeMethods.EvtExportLogFlags.EvtExportLogChannelPath;
break;
case PathType.FilePath:
flag = UnsafeNativeMethods.EvtExportLogFlags.EvtExportLogFilePath;
break;
default:
throw new ArgumentOutOfRangeException("pathType");
}
if (tolerateQueryErrors == false)
NativeWrapper.EvtExportLog(this.Handle, path, query, targetFilePath, (int)flag);
else
NativeWrapper.EvtExportLog(this.Handle, path, query, targetFilePath, (int)flag | (int)UnsafeNativeMethods.EvtExportLogFlags.EvtExportLogTolerateQueryErrors);
}
public void ExportLogAndMessages(string path, PathType pathType, string query, string targetFilePath)
{
this.ExportLogAndMessages(path, pathType, query, targetFilePath, false, CultureInfo.CurrentCulture );
}
public void ExportLogAndMessages(string path, PathType pathType, string query, string targetFilePath, bool tolerateQueryErrors, CultureInfo targetCultureInfo ) {
if (targetCultureInfo == null)
targetCultureInfo = CultureInfo.CurrentCulture;
ExportLog(path, pathType, query, targetFilePath, tolerateQueryErrors);
NativeWrapper.EvtArchiveExportedLog(this.Handle, targetFilePath, targetCultureInfo.LCID, 0);
}
public void ClearLog(string logName)
{
this.ClearLog(logName, null);
}
public void ClearLog(string logName, string backupPath)
{
if (logName == null)
throw new ArgumentNullException("logName");
NativeWrapper.EvtClearLog(this.Handle, logName, backupPath, 0);
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- GenericEnumerator.cs
- TimelineClockCollection.cs
- AccessibilityHelperForXpWin2k3.cs
- UriSection.cs
- RequestCacheEntry.cs
- __ComObject.cs
- ExtendedPropertiesHandler.cs
- Style.cs
- WebOperationContext.cs
- httpstaticobjectscollection.cs
- DesignerSerializerAttribute.cs
- SafeEventHandle.cs
- WindowsMenu.cs
- ReadOnlyCollection.cs
- AutomationPattern.cs
- EdmToObjectNamespaceMap.cs
- BooleanConverter.cs
- DataViewSettingCollection.cs
- UshortList2.cs
- milrender.cs
- CompositeTypefaceMetrics.cs
- _AutoWebProxyScriptWrapper.cs
- ServiceModelTimeSpanValidator.cs
- WindowsTab.cs
- ControlAdapter.cs
- ArgumentValidation.cs
- FormViewPagerRow.cs
- CharacterBufferReference.cs
- SQLInt64Storage.cs
- BoolExpr.cs
- IImplicitResourceProvider.cs
- _IPv4Address.cs
- DataGridViewCellValidatingEventArgs.cs
- Attributes.cs
- GeometryGroup.cs
- ModelItemExtensions.cs
- Image.cs
- ScaleTransform3D.cs
- HtmlControl.cs
- ObjectDataSourceEventArgs.cs
- MemoryRecordBuffer.cs
- ScriptMethodAttribute.cs
- RecordManager.cs
- MailMessageEventArgs.cs
- DiscreteKeyFrames.cs
- BindToObject.cs
- RuntimeEnvironment.cs
- InvalidCommandTreeException.cs
- CodeTypeOfExpression.cs
- ComNativeDescriptor.cs
- SessionEndingCancelEventArgs.cs
- SafeFindHandle.cs
- XsltSettings.cs
- RemotingAttributes.cs
- Error.cs
- Facet.cs
- Calendar.cs
- MenuItemCollection.cs
- PerformanceCounterPermission.cs
- WindowsToolbar.cs
- DefaultValueAttribute.cs
- DbXmlEnabledProviderManifest.cs
- DataTableClearEvent.cs
- UserPreferenceChangedEventArgs.cs
- DisableDpiAwarenessAttribute.cs
- MouseActionValueSerializer.cs
- ComponentCommands.cs
- ThreadStateException.cs
- ListenerTraceUtility.cs
- MeasurementDCInfo.cs
- WizardPanelChangingEventArgs.cs
- TextSerializer.cs
- WizardStepBase.cs
- Win32.cs
- XamlTemplateSerializer.cs
- WorkflowRuntimeServicesBehavior.cs
- ImageMapEventArgs.cs
- TerminatingOperationBehavior.cs
- AssertSection.cs
- IListConverters.cs
- TagPrefixCollection.cs
- WebReference.cs
- Calendar.cs
- HyperLinkDesigner.cs
- ImageIndexConverter.cs
- PatternMatcher.cs
- ByteStack.cs
- XamlFxTrace.cs
- ControlCachePolicy.cs
- DataGridViewRowConverter.cs
- Nodes.cs
- FixedSOMTextRun.cs
- TimeSpanFormat.cs
- BaseDataListDesigner.cs
- ParallelQuery.cs
- DispatchChannelSink.cs
- WebBaseEventKeyComparer.cs
- ConvertersCollection.cs
- CheckedPointers.cs
- NetMsmqBinding.cs